At the time @aashish24 created this issue, I believe the potential vulnerability was with highlight.js, and was assigned "moderate" severity. It looks like this vulnerability can be fixed by simply re-running the npm install and committing the resulting package-lock.json.
Yesterday, a new potential vulnerability was discovered with axios, which was assigned "high" severity. In order to pick up the fixed version, we may need girder/girder-web-components and InsightSoftwareConsortium/itk-js to update their dependency on axios.